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MBANERABILITY DISCLOSURE 





The Zero Day Initiative” (ZDI) was founded in 2005 to encourage the 
coordinated reporting of zero-day vulnerabilities to affected vendors by 
financially rewarding researchers through incentive programs. 


It enables Trend Micro to extend its internal research teams 
by leveraging the methodologies, expertise and time of 
external researchers, and protect customers while an 
affected vendor is working on a patch. 


TZ The Zero Day Initiative is the world’s largest 
agnostic bug bounty program and the leader 
in global vulnerability research and discovery 
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ZERO DAY INITIATIVE 





1,045 81 days 


average preemptive protection 
for Trend Micro™ TippingPoint™ 
customers ahead of vendor 


6,/00+ patch in 2019 


vulnerabilities published since inception 
A Top provider 
sije of vulnerabilities to ICS-CERT, 
Over $25 million USD Oe conte 


awarded since inception 


vulnerabilities published in 2019 
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An unpatched ZDI responsibly and Simultaneously, ZDI allows the The vendor either ZDI will publicly and 
vulnerability is promptly notifies Trend Micro creates vendor four releases a patchor responsibly disclose 
submitted to ZDI the vendor of the a security filter to months to address indicates to ZDI that the details of the 
for validation and vulnerability found protect customers the vulnerability the vulnerability will vulnerability online 
purchase in their product from the unpatched not be patched 


vulnerability 


TREND MICRO CUSTOMERS PROTECTED AHEAD OF PATCH 


OTHER SECURITY VENDORS' CUSTOMERS AT RISK LLL 


Variants of an exploited vulnerability may 
not be protected by traditional exploit 
signatures from other vendors and may 
leave their customers susceptible to 
future attack 
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2019 Global Public Vulnerability Research Market 





In their report, "Quantifying the Public Vulnerability Market", OMDIA found 
the Zero Day Initiative was #1 in vulnerability disclosures in 2019. The 
report covers vulnerabilities that have been disclosed by public 
vulnerability reporting organizations. 


1,095 49% 

of the 805 vulnerabilities categorized 
as "Critical-severity" and 
"High-severity" were disclosed by ZDI 


total number of publicly disclosed 
vulnerabilities 


52% 66% 

of the 2018 publicly disclosed of the 560 vulnerabilities across the 

vulnerabilities were disclosed by ZDI top three vendors (Adobe, Microsoft, 
FoxIT®) were disclosed by ZDI 


58% 55% 
of the 650 vulnerabilities across the 
top three flaw types were disclosed 


by ZDI 


ZDI published the most vulnerabilities in 
the High, Medium, Low severity levels 
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WITHOUT ZDI, 


many vulnerabilities would continue to remain behind closed doors, or sold to 
the underground market and used for nefarious purposes. 


ZDI's long-standing relationships with software vendors and 
the research community help influence the importance of 
security in the product development life cycle, leading to 

more secure products and more secure customers. 
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To download the full OMDIA report "Quantifying the Public 


Vulnerability Market, 2019" click here 





